A Poisoned PyPI Package Quietly Hit 36 Percent of Cloud Environments Through LiteLLM
LiteLLM 1.82.7 and 1.82.8 silently swept AWS credentials, Kubernetes configs, and SSH keys from 3.4 million daily installs. Here is exactly what the payload did and how Strobes AI detects and shuts it down.
What is an Exposure Assessment Platform? The Complete Guide for Security Leaders
An Exposure Assessment Platform (EAP) is the connective tissue that unifies, normalizes, prioritizes, and mobilizes remediation across your entire attack surface. This guide covers how EAPs work, why they replace traditional vulnerability management, and how to evaluate one for your CTEM program.
Security Insights
Deep dives, expert analysis, and practical guidance on exposure management, adversarial validation, and the future of AI-driven exposure management.
Agentic Pentesting with Strobes AI
What happens when you point Strobes AI at a real web app and let it run a full OWASP WSTG assessment with zero hand-holding? 32 tasks, 21 phases, 42 confirmed vulnerabilities — all autonomous.
Building an AI Harness for Offensive Security: What It Takes to Turn LLMs Into Reliable Pentest and Validation Operators
The model is 20% of the problem. Here is the engineering story behind the orchestration, tooling, middleware, and infrastructure that turns a capable LLM into a reliable penetration testing operator.
Why Crawling Is the Hardest Part of AI-Powered Pen Testing (And How We Fixed It)
AI agents are brilliant at reading code but terrible at navigating browsers. Here's how Strobes combines static analysis, CDP-based swarm crawling, and human browser handover to build a complete attack surface map before testing begins.
Top Data Breaches of February 2026
February 2026 brought a series of significant data breaches spanning automotive, aviation, hospitality, finance, telecom, and media. The incidents were not driven by a single attack method. Some resulted from credential stuffing, others from ransomware and extortion tactics, and several from inadequ
42,900 OpenClaw Exposed Control Panels and Why You Should Care
Over the past two weeks, most coverage around Moltbot and OpenClaw has chased the flashy angle. One-click exploits, remote code execution, APT chatter, scary screenshots. Meanwhile, security teams are doing what they always do when a new tool gets hit. Patch, block ports, rotate keys. That's necessa
Driving CTEM Adoption Across the Enterprise
Most enterprises are not short on security activity. They run scanners, onboard new tools, commission assessments, run internal reviews, and publish regular risk reports. Yet exposure still slips through. Incidents still trace back to issues that were already known. Teams still debate what matters m
Exposure Assessment vs Adversarial Exposure Validation
Your security team just delivered another quarterly report. 847 vulnerabilities discovered. 23 rated critical. 156 high severity. CVSS scores assigned. Remediation priorities set. And yet, like last quarter, the backlog grows faster than your team can patch. Worse, you're left wondering: are we fixi
Adversarial Exposure Validation for Modern Environments
What is Adversarial Exposure Validation? Adversarial Exposure Validation is a structured approach that applies attacker-style actions to confirm how your environment behaves under real pressure. Instead of stopping at detection, it recreates the tactics hostile actors use to prove which exposures ac
Why Deduplication Is the Most Underrated Security Control
Security teams face constant pressure from an overload of alerts and findings. Every new scanner or assessment adds to the pile, making it hard to focus on what matters. Instead of streamlining efforts, these tools often create more confusion by repeating the same issues across reports. This is wher
Top 10 Exposure Management Platforms That Truly Reduce Risks
If you’ve owned security outcomes for any length of time, the shift is clear. Counting CVEs no longer tells you whether risk is actually going down. Attack surfaces expand continuously, change faster than teams can track, and traditional scanners struggle to show what attackers are actually exploiti